Tuesday, 27 April 2010

Honey traps and forensics: does it work?

A forensic investigation that uses honey traps is really two separate investigations. The first begins as the honey trap feeds back information on what the attacker did inside it; the second is based on the findings from the production system that was actually hit.

The goal is for the honeypot to produce a damage report and a signature for the attacker. If someone breaks into a honey trap it can tell you things like their identity, tactics, tools, targets and other details, with the caveat that "identity" here means whatever the attacker exposes (source addresses, accounts, tooling), not a name.

The production system side produces much less. The signature there may only be partial, and it will tell you things like tactics, tools and targets, but usually not identity.

The main point of the investigation is to identify the attacker on the production system, but that side only gives you a partial signature and a damage report, and without the identity the attacker cannot be charged. The honey trap can supply all of this, but because the honey trap is not a real production system the attacker can argue that the evidence is not admissible in court, claiming they were lured into the trap (entrapment).

The police may be able to make the case if they can prove beyond doubt that the honeypot intruder and the intruder on the production system are the same person; that means matching the two signatures (same tools, same tactics, same source addresses). Only then can they charge them with criminal damage, and as you can tell this is a lot harder to do than it looks.

Pitfalls of honey traps

There are several potential pitfalls. The first comes from the very foundation of a honey trap: it is a system that is set up to be compromised. The concern is that once an attacker is inside the honey trap they may be able to use it, or steal from it, for an illicit purpose, for example as a jumping-off point for attacking other systems. Containment covers the policies, architecture, procedures and techniques a honey trap operator puts in place to guard against this, such as restricting and rate-limiting outbound connections from the trap.

A second concern is that once inside, the attacker may attack the honey trap itself, shielding their actions from the monitoring it was designed for, or destroying or modifying the honey trap's activity logs. This is why the logs should be shipped off the honeypot host as they are written, rather than kept only on a machine the attacker controls.
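One way to make that second pitfall detectable, as an added example and not code from the original post: every log record is hash-chained to the one before it and forwarded immediately to a collector that stands in for a log server outside the attacker's reach. The `Collector` class, the record layout and the sample events are assumptions constructed for this example (in practice the collector would be a separate syslog/TLS host, not an in-memory object).

```python
import hashlib
import json

# Hash-chained honeypot activity log with an off-host "collector".
# Each record is sha256-linked to the previous one, and the collector keeps
# a copy of every line plus the latest chain head. Edits, deletions or a
# full rewrite of the log on the honeypot host are then detectable.

GENESIS = "0" * 64


def _link(prev_hash, record):
    """Chain hash: sha256(prev_hash || canonical JSON of the record)."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class Collector:
    """Assumed stand-in for a log server the attacker cannot reach."""

    def __init__(self):
        self.head = GENESIS
        self.copies = []  # every forwarded line, kept off-host

    def receive(self, line, head):
        self.copies.append(line)
        self.head = head


class HoneypotLog:
    """Append-only log living on the honeypot host itself (attacker-readable)."""

    def __init__(self, collector):
        self.collector = collector
        self.lines = []
        self.head = GENESIS

    def append(self, event):
        record = {"seq": len(self.lines), "prev": self.head, "event": event}
        self.head = _link(self.head, record)
        record["hash"] = self.head
        line = json.dumps(record, sort_keys=True)
        self.lines.append(line)
        self.collector.receive(line, self.head)  # forward before anything else
        return self.head


def verify_chain(lines, expected_head):
    """Re-walk the chain found on the honeypot and compare its head with the
    collector's copy. Returns (ok, reason)."""
    prev = GENESIS
    for i, line in enumerate(lines):
        record = json.loads(line)
        stored_hash = record.pop("hash", None)
        if record.get("seq") != i or record.get("prev") != prev:
            return False, "record %d: sequence or prev link broken" % i
        if _link(prev, record) != stored_hash:
            return False, "record %d: content modified" % i
        prev = stored_hash
    if prev != expected_head:
        return False, "chain head differs from collector copy (records removed or rewritten)"
    return True, "intact"


def demo():
    collector = Collector()
    log = HoneypotLog(collector)
    # Constructed sample events, not real captures.
    log.append({"src": "198.51.100.7", "action": "login", "user": "root"})
    log.append({"src": "198.51.100.7", "action": "fetch_tool", "name": "rootkit.tgz"})
    log.append({"src": "198.51.100.7", "action": "connect_out", "dst": "203.0.113.9:6667"})

    intact = verify_chain(log.lines, collector.head)

    # Attacker edits record 1 in place to hide the tool download.
    edited = list(log.lines)
    rec = json.loads(edited[1])
    rec["event"]["action"] = "idle"
    edited[1] = json.dumps(rec, sort_keys=True)
    after_edit = verify_chain(edited, collector.head)

    # Attacker deletes the last record (the outbound connection).
    after_delete = verify_chain(log.lines[:-1], collector.head)

    # Attacker rewrites the whole log consistently from scratch; the links all
    # check out, and only the off-host head exposes the substitution.
    fake = HoneypotLog(Collector())
    fake.append({"src": "198.51.100.7", "action": "login", "user": "root"})
    after_rewrite = verify_chain(fake.lines, collector.head)

    return intact, after_edit, after_delete, after_rewrite


if __name__ == "__main__":
    for label, result in zip(("intact", "edited", "deleted", "rewritten"), demo()):
        print(label, result)
```

The chain alone only proves internal consistency; an attacker with root on the honeypot can recompute every hash. The detection comes from the head (and the line copies) held by the collector, which is exactly the data the trap forwards before the attacker gets a chance to tamper with it.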